[strongSwan] KEY_ID encoding

Volodymyr Litovka doka.ua at gmx.com
Sat Sep 12 01:23:59 CEST 2020

Hi colleagues,

according to
https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing :

"If the string begins with @# the type is set to KEY_ID and the string
following that prefix is assumed to be the hex-encoded binary value of
the identity."

It seems, I understand incorrectly the statement above, because
configuration for the key-id 'aa' (where @#6161 stands for HEX codes of
twin 'a') -

ikev2-psk {
	[ ... ]
	remote {
		auth = psk
		id = @#6161

do not work - StrongSwan do not consider this connection when choosing
between few.

What is the right way to describe id for PSK connection where remote
part uses key-id type, e.g. on Cisco it is "crypto isakmp identity
key-id aa"?

And which id need to be used in 'secrets' section to achieve the result?
Should it be

ike-cisco1 {
     id = aa
     secret = qwerty


ike-cisco1 {
     id = @#6161
     secret = qwerty

or something else done on the right way?

Thank you!

Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200912/87704f47/attachment.html>

More information about the Users mailing list